Course: Certified Phishing Prevention Specialist...

Definition and evolution of phishing

Phishing is a type of cyberattack that uses deceptive tactics to steal sensitive information, such as login credentials, credit card numbers, or personal data. The term originates from “fishing,” symbolizing how attackers use bait (fake communications) to lure victims into revealing information. Its “ph” spelling links to “phreaking,” a term from the 1970s for hacking phone systems (source: Graphus).

Evolution of Phishing

  • 1990s: Phishing began with attacks targeting America Online (AOL) users. Hackers tricked users into sharing account details via fake email messages and then used the stolen accounts to spam others.

  • Early 2000s: The rise of e-commerce brought large-scale phishing targeting services like PayPal and eBay. Attackers mimicked legitimate websites to steal user credentials.

  • 2006–2010: Spear phishing, which targets specific individuals or organizations with personalized messages, gained prominence. Tools like phishing kits made these attacks accessible to less skilled criminals.

  • 2010–2020: New threats emerged, including ransomware spread through phishing emails. Business Email Compromise (BEC), which involves impersonating executives to request sensitive information, caused significant financial losses.

  • 2020–Present: Artificial intelligence (AI) has amplified phishing attacks, enabling mass personalization and deepfake-enhanced scams.

Visual Elements

Phishing attacks often utilize fake login pages, convincing logos, and mimicked branding. Scenarios include emails claiming account suspensions, fake invoices, or urgent security alerts.

For a deeper dive into phishing evolution and examples, you can explore resources like Wikipedia’s phishing article.